Method and system for attribute exchange in a heterogeneous federated environment
Abstract
A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, may maintain a trust relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP does not have a trust relationship with one of the user's AIPs, then the ECSP can rely upon a trust proxy to interpret and validate an attribute assertion that is received from an AIP.
18 Claims
1. A method for managing user attribute information within a data processing system, the method comprising:
receiving from a user a request for a resource at a service provider;
determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user;
sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user;
receiving a response message from the first attribute information provider at a point-of-contact server associated with the service provider;
determining that the response message comprises an attribute assertion; and
forwarding the attribute assertion for interpretation or validation from a point-of-contact server to a trust proxy associated with the service provider.
Dependent claims: 2, 3, 4, 5, 6
7. A computer program product in a computer readable medium for use in a data processing system for managing user attribute information, the computer program product comprising:
means for receiving from a user a request for a resource at a service provider;
means for determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user;
means for sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user;
means for receiving a response message from the first attribute information provider at a point-of-contact server associated with the service provider;
means for determining that the response message comprises an attribute assertion; and
means for forwarding the attribute assertion for interpretation or validation from a point-of-contact server to a trust proxy associated with the service provider.
Dependent claims: 8, 9, 10, 11, 12
13. An apparatus for managing user attribute information, the apparatus comprising:
means for receiving from a user a request for a resource at a service provider;
means for determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user;
means for sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user;
means for receiving a response message from the first attribute information provider at a point-of-contact server associated with the service provider;
means for determining that the response message comprises an attribute assertion; and
means for forwarding the attribute assertion for interpretation or validation from a point-of-contact server to a trust proxy associated with the service provider.
Dependent claims: 14, 15, 16, 17, 18
Specification